From 7611246e004d8b36fc15a002712741b3c5b43ccb Mon Sep 17 00:00:00 2001 From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com> Date: Sun, 20 Oct 2024 13:55:45 +0900 Subject: [PATCH] Fix code scanning alert no. 14: Reflected server-side cross-site scripting Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py index d1d8ada..38d1a06 100644 --- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py +++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py @@ -373,7 +373,7 @@ def get_access_rule(rule_id: str): try: access_rule = permissions_manager.get_access_rule(rule_id) if access_rule is None: - return Response(response=f"Access rule with rule_id {rule_id} not found.", status=404) + return Response(response=f"Access rule with rule_id {html.escape(rule_id)} not found.", status=404) else: return Response(response=json.dumps(access_rule.to_item()), status=200) except Exception as e: